Query regarding ksu.

Use Nas usenas at gmail.com
Wed Sep 1 05:33:09 EDT 2010


=======
Situation :
=======

Source User: root
Target User: non_root_user

There are no tickets in cache and currently we are logged in as "root" user.
#ksu non_root_user

What should be the expected behavior of the above command?

I believe that if the source user is "root" and the target is "non root" and there
is no ticket in the cache, then it should prompt for the password for the
"non root" user. If there is a ticket in the cache, then it doesn't prompt
for the password and creates a valid context and ticket.

However, there is a belief that we should be able to ksu to any
non-root user (when logged in as root), similar to the su command. But I think
it is against the design of Kerberos, as we always need the password to
decrypt the TGT sent by the KDC.

Please help me understand the above situation(s).

Thanks.


